An update for perl-Net-CIDR-Lite is now available for openEuler-20.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-1304 Final 1.0 1.0 2024-03-22 Initial 2024-03-22 2024-03-22 openEuler SA Tool V1.0 2024-03-22 perl-Net-CIDR-Lite security update An update for perl-Net-CIDR-Lite is now available for openEuler-20.03-LTS-SP4. Faster alternative to Net::CIDR when merging a large number of CIDR address ranges. Works for IPv4 and IPv6 addresses. Security Fix(es): The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.(CVE-2021-47154) An update for perl-Net-CIDR-Lite is now available for openEuler-20.03-LTS-SP4. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium perl-Net-CIDR-Lite https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1304 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-47154 https://nvd.nist.gov/vuln/detail/CVE-2021-47154 openEuler-20.03-LTS-SP4 perl-Net-CIDR-Lite-0.21-24.oe2003sp4.noarch.rpm perl-Net-CIDR-Lite-help-0.21-24.oe2003sp4.noarch.rpm perl-Net-CIDR-Lite-0.21-24.oe2003sp4.src.rpm The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. 2024-03-22 CVE-2021-47154 openEuler-20.03-LTS-SP4 Medium 6.3 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L perl-Net-CIDR-Lite security update 2024-03-22 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1304